Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c2a350a3 authored by Jean Delvare's avatar Jean Delvare Committed by Greg Kroah-Hartman
Browse files

firmware: dmi: Stop decoding on broken entry



[ Upstream commit 0ef11f604503b1862a21597436283f158114d77e ]

If a DMI table entry is shorter than 4 bytes, it is invalid. Due to
how DMI table parsing works, it is impossible to safely recover from
such an error, so we have to stop decoding the table.

Signed-off-by: default avatarJean Delvare <jdelvare@suse.de>
Link: https://lore.kernel.org/linux-kernel/Zh2K3-HLXOesT_vZ@liuwe-devbox-debian-v2/T/


Reviewed-by: default avatarMichael Kelley <mhklinux@outlook.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 03f37e56
Loading
Loading
Loading
Loading
+11 −0
Original line number Diff line number Diff line
@@ -95,6 +95,17 @@ static void dmi_decode_table(u8 *buf,
	       (data - buf + sizeof(struct dmi_header)) <= dmi_len) {
		const struct dmi_header *dm = (const struct dmi_header *)data;

		/*
		 * If a short entry is found (less than 4 bytes), not only it
		 * is invalid, but we cannot reliably locate the next entry.
		 */
		if (dm->length < sizeof(struct dmi_header)) {
			pr_warn(FW_BUG
				"Corrupted DMI table, offset %zd (only %d entries processed)\n",
				data - buf, i);
			break;
		}

		/*
		 *  We want to know the total length (formatted area and
		 *  strings) before decoding to make sure we won't run off the